[h1fra]

Interesting. Default behavior could be improved. I blindly pasted a curl, except showing my curl it didn't make any headers modifiable. It also didn't redacted the Authorization header. Also there is no way to delete a page.

[markerz]

FYI, you can delete anyone's CURL (including your own if you were unauthenticated) with the following curl:

https://uncurl.dev/curl/78ab4bf5-34e8-45a0-b3b1-32dd6aa7e360

or this command

    curl -X DELETE "https://uncurl.dev/api/curls?id=051606b5-49c8-4f14-9689-4d424f71d331"

Looks like deletes are unauthenticated.

[darubramha]

Haha love that you shared the curl with the uncurl.dev url!

Yes, delete is unauthenticated as highlighted, will be working on a fix for this. And you can delete any API if it is created as a logged in user.

[serial_dev]

Whether redacting the auth header is the best choice can be determined on a case by case basis, so I don't think it should redact by default. A big scary warning would definitely make sense, though!

[byearthithatius]

Exact same thing happened to me. Had to reset my HN user cookie because accidentally pasted my downvote curl command.